Epo global updating

There are five FSMO roles, two per forest, three in every Domain. The SID consists of a Domain SID (which is the same for all SIDs created in the domain) and a RID which is unique to the Domain.

The global catalogue is used to compare data as it receives regular updates for all objects in all domains.

Any change to user-group references are updated by the infrastructure master.

The PDC emulator acts as a Windows NT PDC for backwards compatibility, it can process updates to a BDC.

It is also responsible for time synchronising within a domain.

These roles are installed automatically and there is normally very little reason to move them, however if you de-commission a DC and DCPROMO fails to run correctly or have a catastrophic failure of a DC you will need to know about these roles to recover or transfer them to another DC.

The forest wide roles must appear once per forest, the domain wide roles must appear once per domain. When an object such as a user, group or computer is created in AD it is given a SID.